?
Solved

Remote login failure

Posted on 2009-05-11
5
Medium Priority
?
612 Views
Last Modified: 2012-05-06
Hi All,

I have recently enforced a new password policy in SBS 2003 requiring users to change their passwords.  This worked fine without a glitch at our local site, but we have some remote users connecting via VPN who are getting login failure alerts showing up on the server, presumably after just changing their passwords.

What is weird though is in the event ID logs it is showing a different name than our domain name next to the failed audit log.  Because they have strenuously assured me that they haven't changed the domain name and I can't verify it, I'm just wondering if it is at all possible that this could be anything other than an incorrect domain name entry? And if possible, why would it be displayed incorrectly in the audit logs?  

Logon Failure:
  Reason: Unknown user name or bad password
  User Name: bshort
  Domain: ASI-BRIAN
  Logon Type: 8
  Logon Process: Advapi
  Authentication Package: Negotiate
  Workstation Name: ASISERVER
  Caller User Name: NETWORK SERVICE
  Caller Domain: NT AUTHORITY
  Caller Logon ID: (0x0,0x3E4)
  Caller Process ID: 11172
  Transited Services: -
  Source Network Address: 217.165.94.157
  Source Port: 2350




0
Comment
Question by:Fritch84
  • 3
  • 2
5 Comments
 
LVL 4

Expert Comment

by:MattShadbolt
ID: 24360102
can you ask the user to attempt to login DOMAINNAME\Username?
0
 
LVL 1

Author Comment

by:Fritch84
ID: 24360150
Well they won't come on for another 6 hours or so (different time zones).  I'll definitely request that they try that.

Another weird thing is that I've been able to use their credentials to connect and it works fine for me.  I'm really hoping this is just a simple case of user error - their Internet was down at their site for some time (unrelated) so it's possible they tried to manipulate settings to try to connect.  

Does it make sense that there's something other than our real domain name listed in the event log next to the domain entry?
0
 
LVL 4

Expert Comment

by:MattShadbolt
ID: 24360159
i totally agree Fritch. If the creds work on your machine than its more than likely user error.
0
 
LVL 1

Author Comment

by:Fritch84
ID: 24360235
Thanks for the reassurance.  He sounded so adament that no other changes were made - but the incorrect logs and the fact it works for me completely contradicted him.  I was just wondering if this issue could occur from anything else that I enforced in the group policy.  I'll see how it goes this afternoon and let you know.  

0
 
LVL 1

Accepted Solution

by:
Fritch84 earned 0 total points
ID: 24381322
The issue just miraculously disappeared...
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question